Bug 157684

Summary: ldap searches hang at ldap_int_select
Product: Red Hat Enterprise Linux 4 Reporter: Brian Nelson <brinel+redhat>
Component: openldapAssignee: Jay Fenlason <fenlason>
Status: CLOSED CURRENTRELEASE QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: jfeeney, srevivo, travnicj-priv, villapla, zmousm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3250
Whiteboard:
Fixed In Version: openldap-2.2.13-5.4E Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-01-31 20:40:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 159436, 176344    
Attachments:
Description Flags
Patch against openldap 2.2.16 that fixes the problem.
none
`ldapsearch' output up to a hang none

Description Brian Nelson 2005-05-13 18:43:14 UTC 
+++ This bug was initially created as a clone of Bug #135188 +++

Description of problem:

When using openldap tools on RHEL4, lookups hang at ldap_int_select.
This was reported against Active Directory, but it also happens against
Novell eDirectory (in my case) and possibly others.

The issue has been described, addressed and fixed in OpenLDAP 2.2.16:

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3250


Version-Release number of selected component (if applicable):

openldap-2.2.13-2

How reproducible:

Every time.

Steps to Reproduce:

Run an ldapsearch against an LDAP database 
  
Actual results:
Hangs after displaying results, before displaying summary.

Expected results:
No hang.

Additional info:

Patch against openldap 2.2.15 -> 2.2.16 attached.
Comment 1 Brian Nelson 2005-05-13 18:43:15 UTC 
Created attachment 114349 [details]
Patch against openldap 2.2.16 that fixes the problem.
Comment 2 Brian Nelson 2005-10-31 22:00:19 UTC 
This has been 'NEW' for almost six months. Can it please be addressed?

I have checked that this problem still has not been corrected in the newest
openldap packages (2.2.13-4).
Comment 3 Brian Nelson 2006-02-02 21:28:10 UTC 
Over eight months old now. Can someone please address this?? I don't think I
could have made it any easier.
Comment 4 Jay Fenlason 2006-05-01 20:44:45 UTC 
The patch for this bug will be included in the upcoming RHEL-4U4 release, 
barring suprises during QA.
Comment 5 Jiri TRAVNICEK, alias JITR {temporarily not reading bugmail} 2006-07-10 01:43:08 UTC 
I've experienced a similar problem.

Mine exhibits against Novell eDirectory/LDAP server but only when secured
connection is used. Non-encrypted connections don't have this problem. Secured
connections fail both via SSL (`ldaps://...' URL) as well as when using STARTTLS
(`-Z' or `-ZZ' options). I have no such problem when connecting against
OpenLDAP's slapd (though it's a version different from that of client and runs
on a different machine).

To prevent any potential confusion: The failure strikes at a moment, when almost
all the output of `ldapsearch' has been printed. The only part which doesn't get
through is:

   # search result
   search: 2
   result: 0 Success

   # numResponses: 2
   # numEntries: 1

Using a newer version has fixed the problem as expected. I tested this sometimes
in 1Q/2006 or by the beginning of 2Q/2006 with a rebuilt SRPM from Fedora Core
(don't remember which one -- whether 4, 5 or devel). Surely the version number
was newer than that of  available package.

Do you think I might be experiencing the same bug? If this is not the case, I'd
better file a barnd new bug then...

Well, I started to doubt about the answer to my question. However running the
beast (with debug on: `-d 99' -- don't know what range `-d' really accepts)
again, it seems to have hanged right at `ldap_int_select'. The string
`ldap_int_select' appears three times in the output.

I also found this issue #3304 in OpenLDAP ITS:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3304;selectid=3304

Isn't it related, too? It is said to be fixed in ver. 2.2.18 and I remember the
version from Fedora (the above mentioned one that worked fine) I used was
slightly newer than this.

Well, I should surely try to apply the patch, it's a few lines so could be
applied by hand if patching fails. I think I'll do this sometimes during the
following week. Should I forget, please bug me by mail. (It might be better to
use my business address as I'm in a usual huge delay with my personal one; it is
`travnicj at feec.vutbr.cz' then.)
Comment 6 Jiri TRAVNICEK, alias JITR {temporarily not reading bugmail} 2006-07-10 01:49:29 UTC 
Created attachment 132156 [details]
`ldapsearch' output up to a hang

This is the output of hanging `ldapsearch'. It starts with a prompt (including
the executed command) and ends with another one. The program had to be
terminated, of course, to get tge final prompt.

It should be possible to rerun the command to repeat the test if needed, unless
we have some access restriction set on the NetWare servers. (It's not
impossible to arrange some exceptions, though, if they are needed.)
Comment 7 RHEL Program Management 2006-08-18 17:41:54 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 8 Jay Turner 2006-08-29 01:28:41 UTC 
QE ack for 4.5.
Comment 9 Jay Fenlason 2007-01-31 20:40:30 UTC 
According to the changelog, this has been fixed since 2.2.13-5.4E